In message <200012142023.MAA12823@pizda.ninka.net> you write:
> Date: Thu, 14 Dec 2000 15:35:48 -0500 (EST)
> From: "Mohammad A. Haque" <mhaque@haque.net>
>
> I'll be trying in a few hours.
>
> Meanwhile for people wanting the crashes to be fixed, please
> apply this patch.
>
> This was _always_ broken, and really what netfilter is doing
> should have never worked. The only theory I have right now
> is that people using netfilter never had IP fragments timeout.
> :-)
Ick, we've previously had issues with using the defrag routine from
PRE_ROUTING (Andi fixed the `called without bh disabled' problem). 8(
Good news is that it's all done from one place:
net/ipv4/ip_conntrack_core.c:910:ip_ct_gather_frags(struct sk_buff *skb)
You can fix it to obey the rules there, rather than hacking fragment
code.
Cheers,
Rusty.
-- Hacking time. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Dec 23 2000 - 21:00:18 EST